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and play back the copy. Here, the KIOSK terminal 105 
records a Usage Rule that certifies the right to control 
recording of content on the SD memory card 100. Move 
Control Information showing the number of times that 
moving of rights is permitted is set in the Usage Rule. 
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content and records a copy on a recording medium. SD- 
Audio players 122 to 124 receive a copy of the content 
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Description 

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0001 ] The present invention relates to a distribution system realized by a service for distributing copyrighted digital 
material such as Electronic Music Distribution (EMD), a semiconductor memory card, a receiving apparatus, a compu- 
ter-readable recording medium and a receiving method. 

Description of the Baclcground Art 

[0002] A distribution system includes a distribution server, a device for purchasing contents, and a playback appa- 
ratus for playing back contents, and gives people living around the world the opportunity to purchase copyrighted mate- 
rial via various global networks. If a personal computer owned by a user is used as the purchasing device, contents are 
purchased in the following way The user operates the personal computer, and transmits a purchase request to the dis- 
tribution server. Upon receiving the purchase request, the distribution server bills the user, and then transmits the cop- 
yrighted digital material. The personal computer operated by the user receives the transmitted copyrighted material, 
and writes it onto the hard disk (HD). If writing is performed correctly, the purchase of the copyrighted material is com- 
pleted. 

[0003] The purchasing device performs processing called check-out and check-in. Check-out refers to the process 
of recording copyrighted material (a first-generation copy) onto a portable recording medium such as a semiconductor 
memory card or a mini disc. The number of times check-out is performed by the purchasing device can also be limited 
to a predetemnined number, such as three or four If copyrighted material is recorded onto a portable recording medium 
using check-out, this copyrighted material can be played back using the playback apparatus. However, once check-out 
has been perfomned the predetermined number of times, the copyrighted material can be set in a state in which check- 
out is not permitted. Check-in, on the other hand, is the process of returning copyrighted material recorded on a porta- 
ble recording medium to the personal computer. If check-in is performed on a copyrighted material that has been set so 
that check-out is not pennitted, check-out of the copyrighted material becomes possible once more. Check-out and 
check-in are prerequisites for copyright protection, which prevents reduction in the copyright owner's profits. 
[0004] The following is a brief explanation of how copyright is protected when check-out and check-in are being per- 
formed. A unique identifier, called a Media-ID, is recorded in an area of the recording medium onto which a copy of the 
copyrighted material is to be recorded, the area being one that cannot be read by a nonnal user operation. When check- 
out is perfomned, contents are encrypted using the media ID unique to the recording medium. Thus, even if an ill-inten- 
tioned user copies contents that have been checked out onto one recording medium onto another recording medium, 
the media ID of the recording medium onto which the contents are copied differs from the media ID that was used to 
encrypt the contents (the media ID of the original disc). As a result, decryption cannot be properly performed, and cop- 
yright is protected. 

SUMMARY OF THE INVENTION 

[0005] The object of the invention is to pnavide a distribution system that provides a high level of convenience for 
the user, while protecting copyright, when a device manages the recording of copyrighted material using check-out, 
check-in and the like. 

[0006] Cun-ent distribution systems pose various obstacles to user convenience. Such distribution systems include 
the user's personal computer, as well as devices used as KIOSK tenninals in convenience stores, record stores, and 
stations. 

[0007] If the device used is a KIOSK terminal, copyrighted material is purchased in the following way First the 
KIOSK terminal prompts the user to provide a portable recording medium on which the copyrighted material is to be 
recorded, such as a semiconductor memory card or a mini disc. Once this portable recording medium has been con- 
nected to the KIOSK terminal, and the necessary charge paid, the copyrighted material is downloaded from the distri- 
bution server and recorded onto the portable recording medium. Users of KIOSK terminals can thus easily acquire their 
favorite music while shopping or on the way to worit or school. 

[0008] If copyrighted material is recorded onto a semiconductor memory card by a KIOSK terminal, however, a 
device other than the KIOSK temiinal is not allowed to check-in the copyrighted material recorded onto the semicon- 
ductor memory card by the KIOSK terminal. The reason forthis is as follows. Were check-in to be performed by another 
device, the copyrighted material on which check-in had been perfomned could be checked out three or four more times. 
If check-in by another device and check-out by the same device were to be repeated, a large number of first generation 
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copies would be made, and copyright protection made ineffective. Thus, checl<-in by other devices is completely prohib- 
ited in order to prevent this kind of proliferation of first generation copies. 

[0009] As a result, a user who has purchased copyrighted material from a KIOSK terminal will not be able to enjoy 
the ability to perfonn check-out and check-in at home using a personal computer. The fact that a user who has paid the 
5 required charge is not able to perfonn check-out and check-in shows a lack of consideration of the user and may reduce 
their desire to use KIOSK tenninals. 

[0010] In order to overcome the above problems and achieve the above object, the inventors of the present inven- 
tion suggest that a Usage Rule, showing the right to manage the recording of copies of copyrighted material, be moved. 
In the Secure Digital Music Initiative (SDMI), this Usage Rule is called Digital Rights Management Information (DRMI). 

10 Management of the number of copy generations and number of times copies can be made during check-out and copy- 
ing is perfonned based on this Usage Rule. A distribution system that moves the Usage Rule, thereby achieving the 
above object, includes a distribution server for distributing a content via a network, and first and second receiving appa- 
ratuses for receiving the content via the network, and records a copy of the content onto a recording medium in order 
to supply the content to a playback apparatus. Here, the first receiving apparatus may include a first receiving unit and 

15 a recording unit. The first receiving unit receives, via the network, a data set including the content and control informa- 
tion controlling copying of the content onto the recording medium, and holds the received data set. The recording unit 
generates authorization information showing whether moving the data set to another receiving apparatus is permitted. 
Then the recording unit records the content onto a distribution medium together with corresponding usage rule informa- 
tion including (1 ) the authorization information, and (2) the control information included in the data set. Here, the second 

20 receiving apparatus may include a second receiving unit, a data set moving unit, and a check-out unit. The second 
receiving unit receives the data set from the distribution server via the network, and holds the received data set. The 
data set moving unit reads authorization information from the distribution medium, and only when the read authorization 
information shows that moving the data set is permitted, (a) moves the data set from the distribution medium to the 
inside of the second receiving apparatus, and (b) holds the data set. The check-out unit performs check-out when the 

25 data set is held by one of the second receiving unit and the data set moving unit. Check-out is performed based on the 
control information in the held data set by generating a copy of the content included in the held data set and recording 
the copy onto the recording medium, the copy recorded onto the recording medium being supplied to the playback 
apparatus. 

[0011] A single device moves a content and a corresponding Usage Rule to two receiving devices, so that control 

30 of recording of a content and corresponding Usage Rule recorded onto a semiconductor memory card by a first receiv- 
ing apparatus (in the above example the KIOSK tenninal) can be performed by a second receiving apparatus (here, a 
personal computer). Recording of copies of copyrighted materials recorded by the KIOSK tenninal can be performed 
by the personal computer, so a user who has paid the appropriate charge to purchase a copyrighted material from the 
KIOSK terminal can perform check-out and check-in of the copyrighted material on their own personal computer. 

35 [0012] Here, the control information may indicate a number of remaining check-outs. The check-out unit may 
include a connecting unit for connecting to a recording medium, and recording a copy of the content included In the data 
set held by the data set moving unit onto the recording medium when a copy of the held content is not already recorded 
on the connected recording medium, and the number of remaining check-outs shown by the control information held by 
one of the second receiving unit and the data set moving unit is at least one. Furthermore, the second receiving appa- 

40 ratus may include a check-in unit and an updating unit When a copy of the content is already recorded on the con- 
nected recondlng medium, the check-In unit deletes the copy of the content recorded on the connected recording 
medium. The updating unit updates the control Information by decrementing the number of remaining check-outs when 
a copy of the held content is newly recorded on the recording medium, and Incrementing the number of remaining 
check-outs when the copy of the held content is deleted from the recording medium. In this distribution system, check- 

45 out performed by the second receiving apparatus can only be performed for the number of times shown by the control 
information, so that check-out cannot be performed beyond the limit set by the copyright owner. This ensures that the 
profits of the copyright owner will not be unfairly reduced. 

[0013] Here, the recording medium may have an assigned unique identifier The check-out unit may include an allo- 
cation unit and a storage unit. The allocation unit allocates a unique identifier to the held content. The unique identifier 

so is recorded onto the recording medium with the content when check-out is perfonned. The storage unit reads the 
unique identifier for the recorcling medium connected to the connecting unit from the recording medium, and stores the 
read recording medium identifier as a pair with the allocated content identifier. Furthennore, the check-in unit may 
include a read unit, a comparing unit, and a holding unit When a copy of the content has already been recorded on a 
recording medium connected to the connecting unit, the read unit reads the unique identifiers for the connected record- 

55 ing medium and the content. The comparing unit compares the pair of identifiers read by the read unit with the pair of 
identifiers stored by the storage unit to determine whether the copy recorded on the connected recording medium was 
previously produced by the second recording apparatus. When the copy was previously produced by the second 
recording apparatus, the holding unit reads the copy from the connected recording medium, holds the read copy, and 
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In^fh ^^%T! ^^"^""^ ^^'^'^■'"9 ^P^'^t"^ this distribution system per- 

^ZLn J' ^^^^'■"^'"^^ *e copy to be checked-in is one that was previously checked out by rtself by 

r«coSno«!;° ''f'" °! '"'^'"*"9 « ^e^x-ding medium identrfier and content identrfier The second 
If thl nrfn^ ■ r.^. ^^^""^ " ""^^ '^^^^ P^^^'^^^ly '^^^'^'^^^ there is no danger 

Of the prmcple that 'a device should not check-in a copy that has been checked out by another device" being ignored 

BRIEF DESCRIPTION OF THE DRAWINGS 

[001 4] These and other objects, advantages and features of the invention will become apparent from the followino 
^:^"::^^^:r accompanying drawings wh.h illustrate a specific eZdimenl oUhl 

Rg. 1 shows a data structure of a copyrighted material; 

Fig. 2A shows a srtuation (1) In which a copyrighted material is recorded onto a recording medium without an 
accompanying encryption key and Usage Rule information; 

RSelnfoIl^afen ^ copyrighted material is recorded onto a recording medium wrthout Usage 

CJagTR^tTn^fon^Sior ^ " " ""^"^"^ 

Fig. 3A shows an external view of an SD memory card; 

Rg. 3B shows a hierarchical structure of an SD memory card 100; 

Rg. 3C shows a physical structure of the SD memory card 100; 

Z^l\T°^f ^ ^'^"f incompatible device is connected to the SD memory card 1 00 whose pro- 

tected area stores only an encryption key; ^ 

r^^^lfn^r^K^ T^'^^ ^ compatible device is connected to the SD memory card 100 whose protected 

area stores only an encryption key; k-iuicoicu 

Rg. 4C shows a situation in which a compatible device is connected to the SD memory card 1 00 whose protected 
da^ ttnSer!" " ""^^^ ^^"^^ ""'^ '"'^'"^'"^ 'ntornimton auToSng 

^ ^'"T" L" ''^''^ ^ «>f"Patible device is connected to the SD memory card 1 00 whose protected 
area stores an encryption key and a Usage Rule, the pemiitted number of moves included in the Usage Rule being 

Rg. 5 shows a situation where a KIOSK terminal is installed in a station or store; 

Z ItTZ^^ ^p"f' °" .^"'^'^P*^'^ '^^t^ f°™'"9 the copyrighted material, plain text data, an encryption 

key. and a Usage Rule are written into the SD memory card 100 by a digital temiinal 109 that is a mobile pTne; 

Rg. 6B shows a situation In which encrypted data, plain text data, an encryption key. and a Usage Rule tormina the 
copyrighted material are written into the SD memory card 100 by a dig JtemiinaM 1 0 that is Jn STB; 

Rg. 7A shows a variety of customer devices; 

Rg. 7B shows a variety of SD-Audio players; 
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Figs. 8B and 8C show a situation in which the personal computer 1 1 1 performs check-out and check-in three times; 

Fig. 9 shows a distribution server included in a track distribution system related to the embodiments, a plurality of 
devices, and a playback apparatus; 

Fig. 1 0 shows a data structure of title and package for copyrighted data when distribution is performed; 
Fig. 1 1 shows a hierarchical data structure of a Default Offer; 

Fig. 1 2 shows files and directories formed to record a data set for a copyrighted material; 
Fig. 13 shows a hierarchical structure of an AOB file; 

Fig. 14 shows playback contents when each AOB and AOB block recorded in an AOB file is played back in 
sequence; 

Fig. 15 shows eight AOB files stored in a title (music album) shown in Fig. 14; 
Fig. 16A shows a detailed hierarchical structure of a Track Manager; 
Fig. 16B shows a detailed structure of a TKGI; 

Fig. 1 7 shows the mutual relationship between TKIs and the AOB files and AOBs shown in Fig. 1 4; 

Figs. 1 8A and 1 SB show the setting of TKIs when two tracks are combined into one; 

Figs. 19A and 19B envisage a situation when one track is divided into two; 

Fig. 20 shows clusters 007 to DOE stored in an AOB formed from AOB_ELEMENTs #1 to #4; 

Fig. 21 shows an example TKI_POB_SRP settings for tracks TK#1 to TK#4 included in the Track Manager; 

Fig. 22 shows the mutual relationship between Default_Playlist information, TKIs, and AOB files; 

Figs. 23A and 23B envisage a situation in which track order is changed; 

Fig. 24 shows the internal structure of •STKI"*.SDT; 

Fig. 25 shows conrespondences between AOB#1. AOB#2, AOB#3, POB001.SA1, and POB002.SA1 included in a 
directory SD_AUDIO, and STKI001 .SDT, STKI002.SDT, and STKI003.SDT included in a directory SD_ADEXT; 

Fig. 26 shows a structure of AOBSA1 .URiy/i; 

Fig. 27 shows con-espondences between AOBSA1.KEY, AOBSA1.URM, and AOB files, when the SD_AUDIO 
directory contains eight files, eight con-esponding encryption keys are recorded in AOBSA1 .KEY, and eight corre- 
sponding usage rule entries are recorded in AOBSA1.URM; 

Figs. 28A and 28B show correspondences between AOBSAl .KEY, AOBSAl .URM, and AOB files; 
Fig. 29 shows an internal structure of a Title Key Entry; 

Figs. 30A and 30B envisage a case in which all audio objects in a user data area of the SD memory card 100 are 
moved to the customer device; 

Figs. 31 A and 31 B show the files arranged in the user data area of the SD memory card 100 when only three of the 
eight audio objects in the user data area are moved; 

Fig. 32 shows how AOB files, POB files, and STKI files are moved from the SD memory card 100 to local storage; 
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Fig. 33 shows a structure of a digital terminal; 
Fig. 34A shows a structure of a customer device; 
5 Fig. 34B shows a structure of SD-Audio players 122 to 1 24; 

Rg. 35 shows an internal structure of a secure processing unit 26 in a digital terminal; 
Rg. 36 shows an intemal structure of a secure processing unit 38 in a customer device; 
Rg. 37 is a flowchart showing the procedure performed by a sales sen/ice control unit 27; 
Rg. 38 is a flowchart showing the procedure perfomied by a sales sen/ice control unit 27; 
Rgs. 39 to 41 are flowcharts showing the procedure perfomied by a library control unit 37; 
Rg. 42 shows a directory structure of a protected area and user data area related to a second embodiment; 
^ Rg. 43 shows a data structure of Extended Title Key Entry included in P_AOBSA1 .KEY; 

Fig^ 44 is a flowchart showing the content of processing perfomied by the Mbran. contr.>l unit 37 when previewing; 

^^^^^ ^^""■^^'^ """'^'^^ — p- 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

orniBo irom enoivptca data, plain ten elala. an encryption key usea to encrypt the data and a Usaos Hiii» in. 
SJSS?;? ^""""^ '-'Vpiec data are ^PEO-^^Z^^^^ZJ^lllL^^' 

ss S!!f],nn f."""^ ! ""^'^^ ^ copyrighted material including a Usage Rule is recorded on a 

[0020] Next, a distribution medium that can store copyrighted materials securely is explained. In the embodiments. 
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an example of such a distribution medium is a semiconductor memory card (hereafter referred to as a Secure Digital 
(SD) rriemory card). An SD memory card 1 00 shown in Fig. 2C has the external structure shown in Fig. 3A, being 32.0 
mm long, 24.0 mm wide and 2.1 mm thick: about the size of a postage stamp, and small enough for a user to hold on 
the tip of one finger. The SD memory card 100 has nine connectors for connecting to a device, and a write protect 

5 .switch 1 01 on one side, which can be set by the user to permit or prohibit overwriting of recotxJed data. 

[0021] Fig. 3B shows a hierarchical structure of the SD memory card 1 00. As shown in the diagram, the hierarchical 
structure of the SD memory card 1 00 is formed from a physical layer that securely stores the data set forming the cop- 
yrighted material, a file system layer that is accessed based on a File Allocation Table (FAT, ISO/IEC 9293), with a clus- 
ter being the smallest unit of access, and an application layer storing encrypted data, an encryption key, plain text and 

TO a Usage Rule forming the copyrighted material. 

[0022] Fig. 3C shows the structure of the physical layer of the SD memory card 100. In the drawing, the physical 
layer of the SD memory card 1 00 includes a system area 1 , a hidden area 2, a protected area 3, AKE processing units 
4 and 5, a Ks decrypting unit 6, a Ks encrypting unit 7, and a user data area 8. 

[0023] The system area 1 is a read-only area storing a media key block (MKB) and a media ID. The MKB and media 
15 ID stored in this area cannot be overwritten. Suppose that the SD memory card 100 is connected to a device, and the 
MKB and media ID read by that device. If the connected device correctly performs a specified calculation using a device 
key Kd held internally, it can obtain a correct encryption key Kmu. 

[0024] The hidden area 2 stores the encryption key Kmu having the correct value, in other words the encryption key 
Kmu that should be obtained if the connected device performs correct calculation using the correct device key Kd. 

20 [0025] The protected area 3 stores an encryption key and a Usage Rule. 

[0026] The AKE (authentication and key exchange) processing units 4 and 5 perfomn mutual authentication 
between a connected device and the SD memory card 100 using the challenge-response method, verify the authentic- 
ity of the opposing device, and if the opposing device is invalid, stop processing. If the opposing device is valid, however, 
an encryption key (session key Ks) is shared by the device and the SD memory card 100. Authentication perfonned by 

25 the device connected to the SD memory carcl 1 00 has three phases. Rrst, in a first challenge phase, the device gener- 
ates a random number, encrypts the random number using the encryption key Kmu, and transmits the encrypted ran- 
dom number to the SD memory card 1 00 as a challenge value A. Then, in a first response phase, the SD memory card 
100 uses the encryption key Kmu stored internally to decrypt the challenge value A, and transmits the decrypted value 
to the connected device as a response value B. Following this, in a first verify phase, the connected device decrypts the 

30 challenge value A held internally using its encryption key Kmu, and compares the decrypted value with the response 
• value B transmitted from the SD memory card 1 00. 

[0027] Authentication perfonned by the SD memory card 100 also has three phases. First, in a second challenge 
phase, the SD memory card 100 generates a random number, encrypts the random number using the encryption key 
Kmu, and transmits the encrypted random number to the connected device as a challenge value C. Then, in a second 

35 response phase, the connected device uses the encryption key Kmu stored internally to decrypt the challenge value C, 
and transmits the decrypted value to the SD memory card 1 00 as a response value D. Following this, in a second verify 
phase, the SD memory card 100 decrypts the challenge value C held internally using its encryption key Kmu, and com- 
pares the decrypted value with the response value D transmitted from the connected device. 

[0028] If the connected device uses an improper encryption key Kmu to perform mutual authentication, challenge 
to value A and response value B in the first verify phase and challenge value C and response value D in the second verify 
phase will be judged to be non-matching values, and mutual authentication will be stopped. If the authenticity of the 
opposing devices is verified, however, the AKE processing units 4 and 5 calculate an exclusive OR of challenge value 
A and challenge value C and obtain the session key Ks by decrypting the exclusive OR using the encryption key Kmu. 
[0029] The Ks decrypting unit 6 uses the session key Ks to decrypt an encryption key and Usage Rule which has 
45 already been encrypted by session key Ks and output from the connected device. The encryption key and Usage Rule 
obtained by this decryption are written into the protected area 3. 

[O030] The Ks encrypting unit 7 receives a command from another device connected to the SD memory card 100 
instructing it to read the encryption key and the Usage Rule, encrypts the encryption key and the Usage Rule stored in 
the protected area 3 using the session key Ks, and then outputs the encrypted encryption key and the Usage Rule to 

50 the device that issued the command. 

[0031] The user data area 8 can be accessed by a connected device regardless of whether that the authenticity of 
that device has been verified, and stores encrypted data and plain text data. If the encryption key read from the pro- 
tected area 3 has a con-ect value, the encrypted data stored in the user data area 8 can be correctly decrypted. Reading 
of data from the protected area 3 is performed together with decryption performed by the Ks decrypting unit 6 and 

55 encryption performed by the Ks encrypting unit 7. Therefore, the protected area 3 can usually only be accessed by a 
connected device when that device has successfully performed AKE processing. 

[0032] The following is an explanation of data obtained by a device connected to the SD memory card 100, the SD 
memory card 100 having a data set that constitutes a copyrighted material. 
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T ^ ""^^ exampie. in which an incompatible device is connected to the SD memorv card 1 00 

SsJa s,!l'^ TuT" tT H 1= '■-"ected ,o .he memory «rd 100. whose pro- 

[0037] This completes the explanation of the structure of the SD memory card 100 Next a device used In Fiwin « 
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yrighted materials recorded on the SD memory card 100 or local storage. Fig. 7A shows various types of customer 
devices, for example personal computers ( 1 1 1 to 1 1 6) and audio systems (1 1 7 to 1 21 ), and Rg. 7B shows various types 
of SD-Audio players used to play back contents. All of the devices shown in Fig. 7A have internalized local storage and 
manage a home music library Local storage includes a protected area and user data area, and is a recording medium 

5 that securely stores data sets formed of copyrighted materials, as shown in the examples of Fig. 4. The following is an 
explanation of the functions performed by such consumer devices, taking a personal computer as an example. 
[0042] First, the method by which customer devices obtain copyrighted materials using the network route is 
explained. Fig. 8A shows the distribution server 103, and customer devices belonging to a plurality of users (personal 
computers 1 1 1 to 1 16), all connected to a network. Customer device ill, like a digital terminal, can access the distri- 

10 bution server 103 via the network, and obtain one or more of a plurality of copyrighted materials, accumulating the 
obtained copyrighted materials in local storage. 

[0043] A home music library can be constructed in local storage by repeatedly obtaining copyrighted materials via 
the network, and check-out and check-in of each copyrighted material can be managed based on the corresponding 
Usage Rule. Figs. SB and 8C show a situation in which the customer device 1 1 1 can perform check-out and check-in 

IS up to three times. In other words, the Usage Rule shows that check-out is permitted, and if an upper limit is set on the 
number of check-outs, check-out can be performed until this limit is reached. This process is performed as follows. The 
SD memory card 1 00 is connected to the customer device 111, and if a check-out instruction is issued, encrypted data 
and plain text data are written into the user data area 8 on the SD memory card 1 00. An encryption key corresponding 
to the copyrighted material is also written into the protected area 3. Then a number of check-outs is decremented. If the 

20 data setforming the copyrighted material is recorded onto three SD memory cards 1 00. thereby causing the number of 
check-outs to be decremented to 0, the customer device 111 sets the encryption key, encrypted data, and plain text 
data stored in local storage in a state that does not permit check-out, as shown in Fig. 8C. 

[0044] Here, performing check-out enables a data set forming a copyrighted material to be recorded on the SD 
memory card 100, thereby enabling a compatible device to play back the copyrighted material when connected to the 

25 SD memory card 1 GO, but not to copy it to another recording medium. The reason for this is that the compatible device 
does not have a Usage Rule, and so cannot read the encryption key from the SD memory card 1 00 and record it onto 
its own internalized recording mediunn or another recording medium. If an incompatible device attempts to read and 
record a data set from the SD memory card 100, such a device cannot access the protected area 3 (see Fig. 4A), and 
so is unable to obtain the encryption key and the Usage Rule. Therefore, in actual fact, the copyrighted material 

30 recorded on the SD memory card 1 00 cannot be recorded onto another recording medium without the Usage Rule. This 
means that a first generation copy from the customer device onto the SD memory card 100 is permitted, but a second 
generation copy from the SD memory card 1 00 onto another recording medium is not pemitted. By preventing second 
generation copies, unlimited copying is prohibited. 

[0045] Next, the method by which customer devices obtain copyrighted material via the SD memory card route is 

35 explained. Fig. 9 shows a distribution server 1 03 Included in a track distribution system relating to this embodiment, and 
a plurality of devices and playback apparatuses, when the customer device 1 1 1 obtains the copyrighted material via the 
SD memory card route. Processing perfonned by the SD memory card 1 00 to obtain the copyrighted materials is as 
follows. When, as shown by arrow mvl , the Usage Rule of the copyrighted material stored on the SD memory card 1 00 
includes Move Control Information showing that at least one move is pennitted, the customer device 1 1 1 reads the data 

40 set forming the copyrighted material from the SD memory card 100 as shown by the an-ow mv2, and records the read 
copyrighted material in internalized local storage. Following this, the data set forming the copyrighted material is deleted 
from the SD memory card 100. By fetching the copyrighted material from the SD memory card 100 and then deleting 
it, the same conditions are created within the customer device 11 1 as when the copyrighted material was obtained by 
the network route. After this, the customer device can perform check-out based on information in the Usage Rule. On 

■45 the other hand, if the Usage Rule of the copyrighted material recorded on the SD memory card 100 as shown by the 
anx)w mv3 includes Move Control Information showing that moves can be performed 0 times, the customer device 1 1 1 
cannot read the data set forming the copyrighted material from the SD memory card 100. The SD memory card 100 
can be inserted directly into SD-Audio players 122, 123 or 124 bypassing the customer device, as shown by the an'ow 
msl , and played back. Copyrighted materials whose Usage Rules cannot be moved may be sold at a lower price. 

so [0046] When the permitted number of moves in the Move Control Information has been set at 1 by the distribution 
server 103 in Fig. 9, the Usage Rule is moved between recording media with the pennitted number of moves in the 
Move Control Information being reduced in the following way. 
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[0050] SD-Audio players 122 to 124 perform check-out to play back, using an encryption key, encrypted data 
recorded on a portable recording medium. SD-Audio player 122 is a set of headphones, SD-Audio player 123 is a port- 
able device, and SD-Audio player 124 is a wristband device. Users can use such devices to play back the encrypted 
5 data on the way to work or school. In one example in Fig. 9, if a data set forming a copyrighted material is moved to the 
customer device 1 1 1 , the customer device 1 1 1 checks out the encrypted data and encryption key based on the details 
written in the Usage Rule, to, for example, three portable recording media. If the encrypted data and encryption key is 
checked out to three portable recording media in this way, the SD-Audio players 1 22 to 1 24 can reproduce the data that 
has been checked out. 

10 [0051] This completes the explanation of the devices used in EMD. Next, the data set fonning the copyrighted mate- 
rial will be explained in detail. First, the format in which copyrighted materials are transferred from the distribution server 
103 to a digital terminal, in other words the data structure of the copyrighted material at distribution, is explained. Cop- 
yrighted materials in units such as songs are distributed in units called packages, and collections of copyrighted mate- 
rials such as music albums in units called titles. The data structure of packages and titles is explained with reference to 

15 the example shown in Fig. 1 0. In the drawing, a title is formed from one or more packages #1 to #N. Each package is a 
distributable file, and includes a header, a Navigation Structure, a plurality of Content Elements (CEL#1 , #2, #3 and so 
on) and a Default Offer. 

[0052] The Navigation Structure is data showing the playback control procedure, indicating how each Content Ele- 
ment is to be played back. In the example in Fig. 1 0, the Navigation Structure indicates that the picture object of CEL#3 

20 is to be displayed when CEL#1 is played back. 

[0053] Content Elements (CELs) are infomnation elements which form the copyrighted material, allocated in terms 
of media type. In this case the copyrighted material is a song, and includes audio, a promotion picture that is to be dis- 
played when the song is played back and the like. A package stores such data as different CELs according to media 
type. The third level in Fig. 10 shows example CELs. CEL#1 is MPEG-AAC stream data obtained by encoding the 

25 sound of a certain song, CEL#2 is a time search table showing data intervals in the MPEG-AAC stream of CEL#1 when 
that stream is accessed at two-second intervals, and CEL#3 is JPEG still picture data to be displayed as a background 
image when CEL#1 is played back. Thus, it can be seen that information for each media type relating to a song is stored 
as an individual GEL inside a package. Of this data, the AAC stream data and the still picture data are encrypted to 
obtain copyright protection, and stored in the package as encrypted data. 

30 [0054] The 'Default Offer" is information showing commercial requirements to be applied when the copyrighted 
material is sold, and includes a retail price and an encryption key for decrypting encrypted data included in the copy- 
righted material. 

[0055] Rg. 1 1 shows the hierarchical data structure of the Default Offer. In the drawing, the Default Offer includes 
an 'Offer Header*, a 'GEL Keychain', and a 'Digital Right Management' (DRM), which is a Usage Rule indicating the 
35 rights to control recording of the copyrighted material. The internal structure of the GEL Keychain is shown within the 
broken lines Dfl, and includes a GEL Keychain Header (CKH). an attribute for the GEL Keychain CK_ATR, and GEL 
Keys (GKs) #1, #2, #3, #4 to #n, each used to decrypt GELs included in a same package. 

[0056] The internal structure of the DRM is shown within the broken lines Df2. The DRM includes 'Move Control 
Infonnation' (MVCNTI), 'Gheck-Out Control Infomnation" (COGNTI), "Permitted Playback Count' {PB_GOUNT), andcon- 
40 tents distributer IDs 'PDDRM_FR_ID1 " to 'PDDRM_FR_ID4'. Move Control Information indicates whether a move from 
the SD memory card 100 to local storage is permitted when the copyrighted material is already recorded on the SD 
memory card 1 00. The Check-Out Control Information indicates the number of times check-out by the customer device 
is permitted when the copyrighted material is moved to local storage. 

[0057} The Pemnitted Playback Count indicates the conditions under which playback of the copyrighted material is 

45 pemnitted. 

[0058] The detailed setting of the Move Control Infonnation is shown between broken lines pyl . A setting of OOh 
indicates that a move from the SD memory card 100 to local storage is not permitted, while a setting of 01 h indicates 
that one move from the SD memory card 100 to local storage is permitted. The digital terminal that received the pack- 
age decrements the number of permitted moves shown by the Move Control Infomnation by 1 , and then records the dec- 

50 remented information on the SD memory card 1 00 by the digital terminal. 

[0059] The detailed setting of the Check-Out Control Information is shown between the broken lines py2. A setting 
of 001 indicates that check-out of the copyrighted material is permitted only once (to only one recording medium), a set- 
ting of 002 indicates that check-out of the copyrighted material is permitted twice (to two recording media), and settings 
of 3 and 4 indicate that check-out is penriitted to three and four recording media respectively. 

55 [0060] The detailed setting of PB_COUNT is shown between the broken lines py3. PB_COUNT includes a Play- 
back Time indicating the number of seconds counted during one playback of the copyrighted material, and a Playback 
Counter indicating the number of times that playback of the copyrighted material is permitted. 

[0061 ] Next, thee data structure into which the data set fomning the copyrighted material is converted when the cop- 
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[0075] AOB#4 has a playback time of 8.4 minutes and is the first (or 'head') part of the Song D that has a playback 
time of 30.6 minutes. The AOB_BLOCKs included in A0B#5 and AOB#6 are middle parts of the Song D and also have 
playback periods of 8.4 minutes. The AOB_BLOCK included in AOB#7 is the end part of the Song D and has a playback 
period of 5.4 minutes. In this way, a song that has a total playback period of 30.6 minutes is divided into (8.4 + 8.4 + 8.4 
5 + 5.4-minute) parts that are each included in a different AOB. As can be seen from Ftg. 14, the AOB included in each 
AOS file Is subjected to a maximum playback period of 8.4 minutes. Fig. 15 shows the eight AOB files stored in the title 
(album) shown in Fig. 1 4. 

[0076] 'POB'*'.JPG' and 'POB"*.SP1' are files storing still picture data. The difference between the two types of 
file lies in the area of copyright protection. While a file POB*".JPG simply stores still picture data in JPEG (Joint Pho- 
10 tographics Experts Group) format, a file POB***.SPl stores data that is encrypted to protect the copyright of the still 
picture (the extension SP1 stands for Secure Picture, indicating that copyright protection is required). 
[0077] The file 'SD_AUDIO.TKIVI' contains data that has inherited the content of the package header. Navigation 
Structure, and time search table, and includes a Track Manager. 

[0078] Fig. 16A shows a detailed hierarchical structure of the Track Manager. In other words, logical formats posi- 
15 tioned on the right side of the drawing show the structure of logical formats positioned to their left in the drawing in more 
detail. Broken lines are used to indicate clearly which part of the logical fonnat on the left side is shown in more detail 
by the logical format on the right side. If the structure of the Track Manager represented in this way in Fig. ISA is referred 
to, it can be seen that it is formed from n pieces of Track Information (abbreviated to TKI), #1 to #n, as shown by the 
broken lines hi. TKIs are information used to manage AOBs recorded in AOB files as tracks, and one TKI corresponds 
20 to each AOB file. 

[0079] Referring to Fig. 1 6A, it can be seen that each TKI, as shown by the broken lines h2, includes Track_General 
Information (TKGI), and a Track_TextJnformation_Data_Area (TKTXTI_DA) recording text infomnation unique to the 
TKI, such as an artist name, an album name, an arranger name, and a producer name, and a 
Track_Time_Search_Table (TKTMSRT) in which the playback time Is restricted to 8.4 minutes. 

25 [0080] FIG. 17 shows how the TKIs in FIG. 16 correspond to the AOB files and AOBs in FIG. 14. The boxes on the 
first level in FIG. 1 7 show a sequence of tracks Track A to Track E, the large frame on the second level shows the Track 
Manager, while the third and fourth levels show the eight AOB files given in FIG. 1 4. The eight AOB files record the eight 
AOBs shown in FIG. 1 6, and form a music album including Track A, Track B, Track C, Track D, and Track E. The second 
level shows the eight TKIs. The numbers '1', to '8' assigned to each TKI are the serial numbers used to identify each 

30 TKI, with each TKI corresponding to the AOB file that has been given the same serial number, 001 ,002, and so on. With 
this in mind, it can be seen from FIG. 17 that TKI#1 corresponds to the file 'ACB001 .SA1 ', that TKI#2 corresponds to 
the file 'AOB002.SA1 ', TKI#3 corresponds to the file 'AOB003.SA1 ', and TKI#4 corresponds to the file ■AOB004.SA1 '. 
The correspondence between TKIs and AOB files is shown by the arrows TA1 to TAB in FIG. 1 7. In this way. each TKI 
corresponds to a different AOB recorded in an AOB file and gives detailed information that applies only to the con-e- 

35 spending AOB. 

[0081] The detailed structure of a TKGI is shown in Fig. 16B. As shown in the drawing, a TKGI includes TKLtD', 
TKIN', TKLBLK.ATR'. TKI_LNK_PTR'. 'TKLSZ', TKLPB_TM'. TKI_AOB_ATR'. TKI_POB_ATR, TKLTI1_ATR', 
TKI_TI2_ATR', TKI_TMSRT_SA', 'ISRC, TKI_APP_ATR', 'BIT, and 'TKLPOB.SRP'. 

[0082] An ID from which the TKI can be instantly distinguished is written In TKI_ID' (in the embodiments the ID is 
40 a 2-byte code 'A4'). 

[0083] TKI numbers in a range between 1 and 999 are written in TKIN". 
[0084] An attribute for the TKI is written in TKLBLK_ATR'. 

[0085] The following describes the settings of the TKI_BLK_ATR for each TKI in the example shown in FIG. 1 7. By 
referring to the TKI_BLK_ATR of each TKI, it can be seen that since the four pairs TKI#1/AOB001.SA1 , 

45 TKI#2/AOB002.SA1, TKI#3/AOB003.SA1, and TKI#8/AOB008.SA1 each con-espond to separate tracks, the 
TKI_BLK_ATR of each of TKI#1, TKI#2, TKI#3, and TKI#8 is set as Track'. The TLK_BLK_ATR of TKI#4 is set at 
'Head_of_Track', the TLK_BLK_ATR of TKI#7 is set at 'End.of.Track', and the TLK_BLK_ATR of TKI#5 and TKI#6 is 
set at ■Midpoint_of_Track'. This means that the AOB file 'AOB004.SA1' corresponding to TKI#4 is the start of a track, 
the AOB files 'AOBOOB.SAI ' and "AOBOOe.SAI ' con-esponding to TKI#5 and TKI#6 are midpoints of the track, and the 

50 AOB file 'AOB007.SA1 ' corresponding to TKI#7 is the end of a track. 

[0086] TKI_BLK_ATR can be set so that combine editing, in which any two of a plurality of tracks are combined to 
form a single track, and divide editing, in which one track is divided into a plurality of new tracks, can be easily per- 
formed. The following explains the change in TKI when two tracks are combined. 

[0087] FIGS. 1 8A and 18B show how the TKIs are set when two tracks are combined to produce a new track. The 
55 example in FIG. 1 8A shows a case when the user performs an editing operation to combine Track C and Track E into a 
single track. 

[0088] In this case, the AOBs that correspond to Track C and Track E are recorded in the AOB files AOB003.SA1 
and AOBOOB.SAI which correspond to TKI#3 and TKI#B, so that the TKI_BLK_ATRs of TKI#3 and TKI#8 are rewritten. 
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of cluster 007. Thus, it can be seen that the BIT manages the offset between the cluster boundary and the 
AOB_ELEMENT 

[0107] The field TKLPOB_SRP' indicates the POB to be displayed during the playback period of a specific AOB. 
a playback period being one of the time periods during which playback is performed according to a playback order spec- 
ified in the Playlist information. In other words, the Track Manager can indicate the POB to be displayed for each tracks 
bv setting the TKI_POB_SRP. , 
[0108] Fig. 21 shows an example of a setting of TKI_POB_SRPs for TKI#2 to TKIM included in the Track Manager 
The first level shows the Track Manager, and the second level three POB files. The Track Manager on the first level 
includes eight TKIs, and arrows indicate which of the TKLPOB_SRPs in TKIs reference the POBs. According to the 
reference relationships indicated by the arrows, the TKI_POB_SRPS in TKI#2, TKI#3, and TK1#4 indicate POB001 . 
POB002 and POB003 respectively. The data in POB001 to POB003 is linked to Tracks B, C, and D respectively. Since 
it would 'be meaningless if at least one POB were not to be reproduced when each track is played back, the 
TKI_POB_SRP in the TKIs ensure that the POBs are set so as to be reproduced during the entire time that the tracks 
are played back. , ■ ri 

[0109] This completes the explanation of theTKGI. Next, the remaining files shown in Fig. 12 will be explained. 
[01101 The file 'SD_AUDIO.PLM' contains information defining the playback order of a plurality of tracks, and 
includes Default_Playlist_Track_Search_Pointer3 ('DPL.TK.SRP') #1 to #m. Fig. 22 shows correspondences between 
Default Playlist Information. TKIs. and AOB files. The DPL_TKINs in DPL_TK_SRP #1 to #8 in the Default P'aylist Infor- 
mation indicate TKIs #1 to #8 respectively, so that each AOB file is played back as shown by the arrows (1 ) to (8). The 
following explains how an editing operation to change the playback order of tracks is performed by changing the order 
of DPL_TK_SRPs in the Default Playlist. Figs. 23A and 23B illustrate a situation in which track order has been changed. 
The setting of DPL_TK_SRPs and TKIs in Fig. 23A is the same as that in Fig. 22. The playback order in Fig. 23A is 
Track A Track B, Track C. Track D, and Track E. In the Default Playlist Information in Fig. 238, however, the DPL_TKINs 
for DPL_TK_SRP#3 and DPL_TK_SRP#8 have been interchanged, so the playback order is Track A. Track B, Track E. 
Track D, and Track Q Interchanging the order of DPL_TKINS in the Default Playlist Information in this way enables the 
track playback order to be easily changed. . 
[0111] The file 'POBOOO.POM' contains control infomnation for each POB. such as whether a POB is indicated by 
TKGI, and if it is indicated, the number of indications. , ^ ^ . *u 

[01121 This completes the explanation of files included In the SD_AUDIO directory. Next, files included in the 

< SD_ADEXT directory are explained. The directory name "SD.ADEXP stands for SD-AUDIO EXTENSION, indicating 
that the directory is an extension that has been added for data compliant with the SD-Audio Ver1 .1 standard. 
[01 1 3] The file 'STKr**.SDT contains Secure Track Information with an internal structure as shown in Fig. 24. From 
the drawing it can be seen that the STKI includes 256 bytes of Secure Track General Infonnation (S.TKGI). and a 256- 
byte Secure Track Text Information Data Area (S.TKDCTLDA). Comparison of the STKI'-.SDT file with TKI reveals 

; that the TKTMSRT present in the TKI is not present in the STKI. In addition, comparison of the TKGI in the TKI and the 
STKI reveals that the TKI_TMSRT_SA, and BIT present in the TKI. have been replaced by Free ID areas 1 to 4 
(S_TKI_FR_ID 1 to 4). S_TKLFRJD 1 to 4 are fields in which ID infomnation such as IDs for individual KIOSK termi- 
nals distribution formats and individual users are written. 

[0114] The following explainsthe differences between theTKI and STKI. Unlike the TKI. the STKI is moved together 
J with the AOB from the SD memory card 100 to local storage when the Usage Rule forthe copyrighted matenal is moved 
from the SD memory card 1 00 to local storage. Tlie STKI contains S_TKLFR_ID 1 to 4. and since these record IDs for 
individual KIOSK terminals, distribution fomiats. and individual users, the STKI is used as a kind of proof of purchase 
for distributed contents. ■ ..u «-i 

[0115] S_TKI files and AOB files have a one-to-one correspondence, files with the same three numbers in the file 
5 name being corresponding files. Fig. 25 shows the relationship between AOB files AOB001 .SA1 . AOB002.SA1 , and 
AOB003 SA1 POB files POB001.SP1. and POB002.SP1 included in the SD_AUDIO directory on the one hand, and 
STKI files STKI001.SDT, STKI002.SDT and STKI003.SDT included in the SD_ADEXT directory on the other hand. 
AOBS and STKts with matching serial numbers correspond, as shown by the an-ows AS1, AS2, and AS3. POBs corre- 
spond to STKI as indicated by the arrows PS1 and PS2, this relationship being determined by the S_SKLPOB_SRP m 
:o each S_TKI file. In the example of Fig. 25, S_TKLPOB_SRP in the file STKI002.SDT indicates POB001.SP1. and 
S_TKI_POB_SRP in the file STKI003.SDT indicates POB002.SP1 . 

[0116] This completes the explanation of files contained in the user data area 8. Next, the files contained in the pro- 
tected area 3 are explained. The protected area 3 in Fig. 12 has an SD_AUDIO directory containing files 'AOBSAI .KEY' 
and 'POBSPLKEY', and an SD_ADEXT directory containing files 'AOBSA1.URM' and 'POBSP1 .URM'. 
55 [0117] The file 'AOBSA1 .KEY' is an encryption key storage file recording encryption keys (Title Keys) for decrypting 
AOBs. These encryption keys each correspond to one of the plurality of GEL Keys included in the Default Offer area of 

[0118]^^^ The file 'POBSP1 .KEY' is an encryption key storage file recording encryption keys (Title Keys) for decrypting 
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file A0BSA1 .URM. ^ n»iner man AUBs, But the data structure is the same as that of the 

" SD!Af,D,o"d'.»;r:i:ignrrB~«^^ A0BSA,.URN, and AOB files wnen tne 

AOBSAtXEVandeXntUsagt Rrc;!S'p:r„;Zr„irre=r^^^^^^^ 

Sn.to^;rr™^d^r:;-<r,rri"drcrf.r^ -- --^.^ - correspond 

p;~t^rLzrr:t~%^^^^ - 

SD_AUDIO directory in the user data arpa fl Th^ I ■ files are arranged into the 

» rASo-ri ~- 
;2e^rer:rr:c.TrA» 

*^ r«.28Aand28Bsho»,.eT:: :r„o1"e3„rBS^^^^^^^^ 

the filename of an AOB file is 'AORnm <?fli . „ "^°'=«'-'^>=t, Aut!t>Ai.URM, and AOB files. When 

25 produced by addingVhe ^ th^efch Jacters 'aSb 'sa ^t^""' ^'^^ ^"""^'"^ -AOBSALKEY- 

and nk2. The usage ruie storlge^e is^^en the^^^^ .AOBSAl URm"°"h "'1'." ''^ "^^ 

Tosiorre^eCdt^s;^^^^^^^^^ 

given in the encryption Ly orage ?^^ 

a result, the Trtle Key and the Usaae Rufe thlt wtr^^r h t ^ ^ ^'^^^ ^o^^g^ Ale. As 

Entry- and the 'Usa^ RurEnt^" w^^ thl^^^^^^^^^^ h ^T"^' '^'^'^ ^"^ P^«««"t the Title Key 
thecorrespondence^etwLfA^OBJerr"^^^^^^ 

' Sg.a^J:^:™S— 
Sond^g~r^^^^^^^^^^ 

the SD memory card 1^0 to Lai borage ^ ^' ^""^ ° copyrighted material is rrioved from 

' f" with the'^c^irr ii^j: ~:arThe"rnt3 ^tr "^^"^^"-^ ^'^^ — 

Trtle Key Entry that is not ernVrrat fs^e Jhat hi T^nl? 7'"''^ ^"'^ ^"'"^ °' ^^"tent ID for a 

track and TKMAOBs) existTn^ onf to manv ct^^n!^^^^^^^^ """^ ''"^^^ ^ ^^^^ ^^hen a 

to the AOBs al, have the same X Mea :XwheTth:^S^^^^^^^^ '?! ™^ ^"^^'^ corresponding 

: ability Flag is set at 1 , and when the track and TKI hale a onT to man3^L T '^^"■^Pondence the Avail- 

the plurality of Trtle Key Entries is set at 1 and thLt wts *°.'".^"yf°'-'^sPondence. the Availability Flag for one of 
and the Availabilrty Flag s^tTt o a " ^^.^^^^^^^^^ at 0. If the Content ID is not 0. 

having the same Content ID are deLted This mea^s that rtTs ooIsLeT' T ' '° '''''' '° ^" ™' 
TKIs (AOBs) corresponding to one Content ID ^ ^ ^^^""^ specifying a plurality of 

EofthrLSagrR^u^'c^^^^^^^^^^ 

trol Information'. "Move Control InforZ^n r^ngger L r<?ontl nn^^^^^^^ '""^^^-^^^ Con- 

As shown by the T symbol in the d rawing the Imctur. ^f'th ^°"'^"V ^" 'Availability Flag', and an 'STI Ke/. 

including a Conteit 1^. an AvatbSrRag.lTaren^^^^^^^^^ ^ey 

SedjL'dTE™ 

•C HASH field^Ahash function isaoni'^fu^criorcara^^^^^^^^^^ 
>^.ueca.ses^eoutputvaluetod^ermarkedly.Furthe^ore.rtisirml^^^^^^^^^^^^ 
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value) from the input value. The value written in the C_HASH field is used when the customer device accesses the SD 
memory card 100, to verify whether the Enc-STKI, the Enc-STLKEY, and the Enc_AOB have been replaced by other 
data. 

[0128] In other words, when the SD memory card 100 is connected to the customer device, the customer device 
5 concatenates the Enc-STKI, Enc-STI_KEY, Enc_AOB together, and applies the SHA-1 algorithm to obtain a 64-bit 
C_HASH-Ref value, as below. The C_HASH-Ref value and the C_HASH written in the C_HASH field of the Usage Rule 
are compared. If the Enc-STKI, the Enc-STI_KEY, and the Enc_AOB are the same as when recorded on the SD mem- 
ory card 100, the C_HASH-Ref value will be the same as the value written in the Usage Rule, but if the Enc-STKI, the 
Enc-STI_KEY, and Enc_AOB have been tampered with, or replaced by other data, the C_HASH-Ref value calculated 
10 will differ markedly from the C_HASH In the Usage Rule. The C_HASH field is included in the Usage Rule with the 
object of having the customer device perform such a check. 

[0129] The 'Check-Out Control Information' shows the number of recording media on which the paired AOB and 
Title Key con-esponding to a Usage Rule may be recorded, when the SD memory card 100 is connected to a customer 
device and the Usage Rule moved from the SD memory card 1 00 to local storage. 

15 [0130] The 'Move Control Information' shows whether the movement of the right to control recording from the SD 
memory card 1 00 to local storage is permitted. If 1 is set, only one move is permitted, while if 0 is set, the movement of 
rights is not permitted. The number of permitted moves shown in the Move Control Information is decremented by 1 by 
the customer device connected to the SD memory card 100 having the Usage Rule. Following this, the decremented 
number is stored in local storage by the customer device. 

20 [0131] If the 'Trigger Bit' is set at 0, movement of rights can be judged by refemng to the Move Control Information 
alone, while if it is set at 1 , movement of rights is judged by referring to other information together with the Move Control 
Information. The Trigger Bit is provided in order to prepare for future feature expansions of the Usage Rule. In other 
words, judgement of whether a copyrighted material can be moved may need to be performed in future by referring to 
other conditions in combination with the Move Control Infomnation. If such a requirement exists, the Trigger Bit is set at 

25 1 , and the copyrighted material can be moved provided that the conditions are satisfied and that the Move Control Infor- 
mation is set at 1 . 

[0132] This completes the explanation of the application layer of the data. The following explanation focuses on how 
each of the files described above is moved when a copyrighted material is moved from the SD memory card 1 00 to local 
storage. 

30 [0133] Figs. 30A and 308 show how a data set forming a copyrighted material is moved from the SD memory card 
100 to local storage. Of the files arranged in the user data area 8, an AOB file, a POB file, and an STKI file are fetched 
into the user data area in local storage, as shown by the arrows MY1 , MY2 and MY3. Following this, the AOB file, the 
POB file, and the STKI file on the SD memory card 1 00 are deleted. Meanwhile the files AOBSA1 .KEY, POBSA1 .KEY, 
AOBSA1 .URM, and POBSP1.URM in the protected area 3 of the SD memory card 100 are fetched to the protected 

35 area in local storage, as shown by the an-ows MY4, MY5, MY6 and MY7. 

[0134] Figs. 30A and SOB are based on the assumption that all the audio objects in the user data area 8 of the SD 
memory card 100 are moved to local storage. Figs. 31 A and 31 B, however, show how files are arranged when only 
three of the eight AOBs are moved to local storage. In Fig. 31 A, AOBs #1 to #3, Title Key Entries #1 to #3, and Usage 
Rule Entries #1 to #3 are deleted from the user data area 8 and protected area 3 on the SD memory card 100, and 

to arranged instead in the user data area and protected area in local storage, as shown in Figs. 31 A and 31 B. 

[0135] Fig. 32 shows how AOB files, POB files, and STKI files shown in Fig. 25 are moved from the SD memory 
card 100 to local storage. In the drawing, AOB001.SA1, AOB002.SA1, AOB003.SA1, POB001.SP1, POB002.SP1, 
STKI001 .SDT, STKI002.SDT, and STKI003.SDT are deleted from the SD memory card 1 00, and these files are instead 
anianged in local storage. This completes the explanation of the structure of directories and files in the application layer. 

45 In local storage, directories have the same structure as on the SD memory card 100, but data may be converted to a 
distribution format, that is the format consisting of titles and packages shown in Fig. 10, and stored. The following is an 
explanation of the structure of a digital temninal. 

[0136] Fig. 33 shows the structure of a KIOSK type digital terminal. As shown in the drawing, the KIOSK terminal 
includes a released contents browser 21 for viewing a home music library composed of copyrighted materials that have 
50 been released by a record company, a touch panel 22 for receiving search requests and purchase requests for copy- 
righted materials, a communication unit 23 connected to a dedicated line such as a fiber-optic cable for transmitting and 
receiving copyrighted materials, a card connector 24 for performing input from and output to the SD memory card 100, 
a billing unit 25 for billing users by receiving cash payment using a coin vender or online payment using a cash card or 
IC card, a secure processing unit 26 for executing any required encryption and decryption when accessing the pre- 
ss tected area 3 of the SD memory card 1 00, and a sales service control unit 27 for performing combined control of sales 
services in the KIOSK tenninal. 

[0137] Fig. 34A shows the structure of a customer device, in this case a personal computer. The customer device 
includes a local storage 32 for recording a home music library composed of copyrighted materials that the user has pur- 
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rlr!! ^ ? ^'^^^'^'«'"9 recemng copyrighted materials, a card connecter 34 here a PCMCIA 

Lo remi^ cT no '^^'^ International Association) card adapter, for performing input from and outpuUo? t 

SD memory card 1 00. a home music hbrary browser 35 for browsing the home music library, an input recelvinq unit 36 
or rece,v,ng user operations, a library control unit 37 for performing, according to user opemtions proce^rg for^^^^^^ 

2 fnclTdedTtt f TT'^' """'^ "'""'y =^2- checklng-ou c7p"i^hted m^^^^^^^^ 

als .nc uded m the local storage 32 to another recording medium, and a secure processing unit 38 Tor execut^o 
encryption and decryption required when accessing the protected area 3 of the SD memo^Zl 0 ' 
34B Lh n^S'S'n f SD-Audio players 122 to 124 is explained with reference to Fig. 34B In Rg 

^^^^^ 

cornt^ned control of processmg in the SD-Audo players 122 to 124. The SD-Audio players 122 to 124 play back tr^S 
recorded on the SD memory card 100 by a customer device using check-out. ortracis recorded on the SD rnlmoS 
card 100 together With a Usage Rule that Indicates whether moving is permitted. Herrp^^acJ 'f "Jpy'igS^ 
laJs ,s explained as being performed by the SD-Audio players 122 to 124. but the cui^dfvii 3^^^^^^ 

; ^""''^^'"'Z ' °P^'^''°"^ "i^y be received by a digital terminal or customer device by using instead of 

relealV^"f ^ k " ^ ^'^"'P^'^- °' combination of these. Contents may L S^d on the 

released contents browser 21 and the home music library browser 35 via, for example, a CRT LhodTCtubera 
plasma display or an LCD (liquid crystal display). icamoae ray tutje), a 

[0140] The following is an explanation of the secure processing unit 26 inside the digital temiinal As shown in Fia 
35 the secure processing unrt 26 includes an MKB processing unrt 41, an ID processing un" ^2 an A^E pTo^essi^a 
rn Itf ^ r ^"'^^P*'"^ 44, an STl encrypting unit 45, and a Ks encrypting unit 46 processing 
He . l^f processing unit 41 reads an MKB stored in the system area 1 of the SD memory card 100 and a 
taTJ:'r f manufacturer of the digital temiinal. and obtains a 56-bit encryp^o^ke^ Kr^ perfol 

ing^a^specificcalculationusmgtheMKBand^ 

^^IhS m f ^"Tk '^""^T"^ encryption key Km from the MKB processing unit 41 . the ID processing unit 42 reads a 

[0143] The AKE processing unit 43 perfomis AKE processing using the encryption kev Kmu calculaterl hw th« in 
processmg unit 42. and the encryption key Kmu on the SD memory card 100 T?L AKE Pm^ssinf^^^^^^^ 
the 56-bit session key Ks resulting from this calculation to the Ks encrypting unrt 46 P'^'^^"^'"^ ""'^ 

STl'^^EY uITno iT^f'^T'^l^^'L'^ ^^'^^^ ^" ^'^'-''^^ '""^ ^'^^'"S KSTI is indicated), encrypts this 

?J The K^u^nrrl? ^f.?? ""^"^ processing unrt 42. and outputs It to the Ks encrypTng unit 

a C ^A^H L, T"^ unrt 44 also concatenates the Enc-STKI. the Enc-STKLKEY. andthe Enc AOB andTabulates 
Km,7^ r LT^'"^ ^'^"""^^ ^P°" °''^'"'"9 the encrypted STl KEY and"c HASH ^ue the 

kI ZTXr^:iu:T^^^^^^ ^ - encr^Sio:- z 

T^^...T.oTjr:^:^^^^^^^^ -^^-^ - — - - sd 

[0146] The Ks encrypting unit 46 encrypts a paired STKI and Usage Rule usinq the 56-bit session k^u kc ^„to„t 
from the AKE processing unrt 43. outputs the encrypted pair and writes'rt in the prTterd data ar^^^ 
[01 47] This completes the explanation of the structure of the secure processing unit 26 in the diqrtal terminal The 
llTrL^r''"" ^^'^"'^ processing unrt 38 in' he cust m r d^vS Te n ema 

?n752 an AKpTro"' P^^'^^-^S-^^^S -shown in Fig. 36. includes an MKB processing unit 51. an IDproreiing 
^48^' nnlT^ T . ■' ^ ^ ^""^P""^ ^' ^ '^^'^-yP^'^S ""it 55. and an STl decrypting unirJs 
MKR tH ^ ^""^^ '^^''"'^ connected to the SD memory card 1 00. the MKB processing unrt 51 reads an 
otairrsl-bTe^c^i^^n k^ ^ ^ ^^^"'^ " " ^ ^ ^ -V Kd.lherebJ 

oTrf?^ ID processing unit 52 reads a Media-ID from the system area 1 of the connected SD memorv card 100 

ST^n ^ ^"'^^P^'"" '^^y '^^^"'^t^d by the MKB proceStng unJ^I'Ta^dThe .lad 

Media-ID, obtaining a 64-brt calculation result, the lower 56 bits of which rt outputs to the ^Enr^LVnTlTL^ 
the Kmu decrypting unrt 55 as an encryption key Kmu. ^ processing unrt 53 and 

10150] The AKE processing unrt 53 perfomis AKE processing wrth the AKE processing unit 43 of the SD memory 
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card 1 00, using the encryption l<ey Kmu output from the Ks decrypting unit 54, and outputs the 56-bit calculation result 
to the Ks decrypting unit 54 as a session l<ey Ks. 

[0151] The Ks decrypting unit 54 reads an encrypted pair of Enc_STKI and Enc-Usage Rule stored in the protected 
area 3 of the SD memory card 100. and decrypts the encrypted pair using the 56-bit session key Ks output from the 
AKE processing unit 53. Then the Ks decrypting unit 54 outputs the decryption result to the Kmu decrypting unit 55. 
[0152] . The Kmu decrypting unit 55 performs decrypting using the 56-bit encryption key Kmu calculated by the ID 
processing unit 52. thereby obtaining an STKI and Usage Rule pair. 

[0153] The STI decrypting unit 56 reads the Enc-STLKEY from the user data area and decrypts the read Enc-fa i w 
using the STI_KEY. thereby obtaining an STKI. . 
[0154] The encryption and decryption perfonned by the secure processing units 26 and 38 is performed m oon- 
verted Cipher Block Chaining Mode (C_CBC mode). Suppose that the encrypted data is 512 bytes. In C_CBC mode, 
each 8-byte section of this data is treated as one block, and the first 8-byte block is decrypted using a 7-byte encryption 
key Mk. The 8-byte calculation result is held as a section key and used to decrypt the next 8-byte block, and so on. The 
512 bytes of data is decrypted in 8-byte units in this way. 

[01551 Furthermore, the processing sequence in which the session key Ks is shared via the AKE processing, 
encrypted data read from the SD memory card 100, encrypted data decrypted using the session key Ks, and then fur^ 
ther decrypted using the encryption key Kmu is referred to as a secure read. This processing sequence is performed 
when a specified read command (the secure read command) is issued to the SD memory card 100 by a connected 

[OlM] In addition, the processing sequence in which data is encrypted using the encryption key Kmu, and then 
encrypted again using the session key Ks obtained via the AKE processing, and the encrypted data transmitted is 
refen-ed to as a secure write. This processing sequence is performed when a specified write command (the secure write 
command) is issued to the SD memory card 1 00 by a connected device. This completes the explanation of the secure 
processing units 26 and 38. 

[0157] The following is an explanation of the sales service control unit 27 and the library control unit 37, which are 
control units performing combined processing control for the digital terminal and the customer device respectively 
[0158] The sales service control unit 27 includes ROM (read-only memory) storing an executable program written 
so as to perform combined control of the digital temiinal, RAM (random access memory), and a CPU (central process- 
ing unit) The flowcharts of Figs. 37 and 38 show the procedure performed by this executable program. The control con- 

> tent of the sales service control unit 27 is explained with reference to these flowcharts. When the processing of the 
flowchart in Fig 37 is initiated, at step S1 , the sales service control unit 27 has a list, introducing copyrighted materials 
that have been released by the record company displayed on the screen of the released contents browser 21 . and then 
moves to the loop processing of steps S2 and S3. At step S2. the sales service control unit 27 determines whether a 
user has made a purchase request for a copyrighted material and. at step 33. detenmines whether a user has made a 

; search request for a copyrighted material. If a search request has been made, step S3 is Yes, and processing moves 
to step 84 At step S4 the sales service control unit 27 receives a keyword input such as an artist name or song trtle 
from the user via the touch panel 22, and at step S5. searches for infomiation regarding copyrighted materials relating 
to the keyword from the distribution server 1 03 by accessing the distribution sewer 1 03 via the communication unit 23. 
Then at step S6. the sales service control unit 27 has a viewing screen showing the copyrighted materials resulting 

7 from the search displayed by the released content browser 21 , and then returns to the loop processing of steps S2 and 

rai59] If a purchase request is made by the user, step S2 is Yes, and processing moves to step S7, where the sales 
service control unit 27 waits for cash payment to be made to the billing unit 25. If money is inserted into the coin vender, 
the sales service control unit 27, at step S8, has a transmission request for a package con-esponding to a selected cop- 
5 yrighted material transmitted by the communication unit 23. Next, at step S9, the sales service control unit 27 waits for 
the package to be received, and at step S10, determines whether the package has been properly received. If the pack- 
age has not been properly received, processing moves to step SB, and the sales service control unit 27 has the com- 
munication unit 23 issue another transmission request. If the communication unit 23 receives the package properly the 
sales service control unit 27, at step S1 1 , converts the package to data compliant with the SD-Audio Verl.1 standard 
o and records it on the SD memory card 1 00. At step SI 2. the sales service control unit 27 determines whether data has 
been properly recorded on the SD memory card 1 00, and if not, gives a cash refund, at step S14. If data has been prop- 
erly recorded, the sales service control unit 27, at step SI 3, has the billing unit 25 finalize payment. Then processing 
moves to step SI , the sales service control unit 27 has an initial screen displayed by the released contents browser 21 . 
and moves to the loop processing of steps S2 and S3. . a -i- w ^ 

35 [0160] The following is a detailed explanation of how data is converted into data compliant with the SD-Audio Verl .1 
standard at step S1 1 , with reference to the flowchart in Fig. 38. When recording a copyrighted material onto the SD 
memory card 1 00, the sales service control unit 27 accesses the SD_AUDIO directory in the user data area 8 of the SD 
memory card 100 reads the AOB*".SA1 files, and performs a search to determine whether an unused file number 
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se^ice corner U.1, 27, ^rl'^^i^S^ L'? ""J"!' »' *OB- SAl tite is less than 999, the sales 

flies, and ,aco«s the AOB.Ll^mTs^A^tS^S^^^S*''""^^^ 

; the Track Manager stored in the user data ar*»a r thi ' ^ ^^'^^ ^^"^'^^ ^^^^ 27 opens 

AOB inside the Track Manager At ^eo^^^^^^^^ "^"^ ^""^^^^^ ^o^esponding to each 

igation Structure included inThe Se fn ihe pS^^^^^ '^'^ "^^-^ - deader and Nav- 

still picture data into POB files and a pSfiil lnH ^? ^"^'^'^ "^^"^S^^- Next, at step S24, it converts 

L^:ishowtrn\rr:?o:;r:nrja^^^^^^^^ 

and S91 is skipped, and the processing mo^^sr^ep sSl If thrnumbeTfs'; " ' "■"'"'"^ °' 

Next, at step S27. the sales service control ?7 nln . °' P^^^^ssing moves to step S27. 

ated in the Track ManagTAt7rS28^.^^^^^^^^ ^ ^ ^'""^'"^ °' ^"'"'^ ''^^^'^ °" P'"^'^ °f TKls gener- 

the generated keyTto encrypttach^^^^^ 9""^'^*"" ^ ^'"'"'^ °^ ^TLKEYs and uses 

sa,esse.iceconL,unit"2^T:its'a™;rr^^^ 

step S30. generates a Usage Rule corresponding to ea^AOB fn t^l n-^ R T m ° ^^''^ ^"'^ 

ice control unit 27 decrements the number of pe'nled moves ITZ^^^T.'''^''' ' ^^'^^ 
mitted moves, with the Check-Out Control Info^rmation, in eaS" Usag^ Rule st^SSP th^^^^^^ 

:r^:^s^c;:~~^:rr^ 
srm\-™r-^-^--~^^^^^^^ 

SD'rn'Lorv'SdlotanTatsttpiS 
Scomb;fd"c?n;r 

The flowcharts of Figs. 39 to 41 show heZcedure ni ri"" ""'"^^^^ ' ""^^ processing unit), 

lib^ry control unit37^s expLned wThS^ni to thKe^^^^^^^ P"^""' "^'^ -"^^"^ 

initiated, at step S41 . theTbrary col^t a^^^^^^^ f - ^'9- 39 is 

to the loop processing of steps S42 and S43 At SnZ^ thl ^ ^^""^^^ and then moves 

has been requested, and. at stepl^ wh^fheTa^crcheck^o^^^^^^^ '"^'^"^^ "'^^^^^ ^ ^-'^^ 

unrt 37 detemiines whether a track check Thi b^ n rea^-=^-H h ! At step S44, the library control 

material from a server computer bee r^'ei, Tf'a reouest t I' " ^""'"^^ °^ ^"PV^'S^^^^^ 

computer has been made. Lp S45 is Yes and oroci nn T I copyrighted material from the server 
hasadownload request t;ans^,2d;:ySc\mrn?Jl^"^^^^^^ 

package is received, the same processina as the Droc^,<,innTtK i. u ? ^ *° '^'^^'^^ ^ package. If the 

is performed, and at step S48. thelSSlL^t^run^^^^^^^^^ T °' ^^''"'''"^'^ ''^ ""'^^^ 

then moves to steps S42 to S45 ^''^ ^°^9^ 32. Processing 

pl^lngmreroltr^^^^^^ 

Rule Managerfromthe SD memor^ car 100 In t^i^ol lo^i oTx^,^^^^^^^^^ f^T^ ^ ^^'^"^^ ^^^'^ °^ ^-^e 

card 1 00 are each indicated by a variable #x" T^eo S72 th!Th ^ °' '^'^^^ °" '"^^^^'V 

at step S73. checks the Trigger Bit of Us^ge Ru^l#?^fSril??nTsTr^^ ^^'"^ 
ing to step S79 and incrementing the variable #xThJn nr Jl^ ' ^"^^^""^ "^o^^^ to the next track by mov- 

the Hbrary control unit 37 check?th~CoVr^ n^^^^^^ 

Ui'^C.^AlS^ReWa. e'#^^^^^^^ Enc-STLK^EY^x. Enc_AOB#x. and 

C.HASH.Refisiden.a.toC_HAS:ix^--JS^-^^ 
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but if they are identical, at step S80, the library control unit 37 decrements the number of permitted moves shown in the 
Move Control Information of the Usage Rule#x. and at step S81 , perfomis a secure write of the Usage Rule#x including 
the decremented number of permitted moves, and the Check-Out Control Information to the local storage 32. Next, at 
step S77 the library control unit 37 perfomis a secure write of 0 into the Availability Flag in Usage Rule#x on the SD 
memory card 100 and into the Content ID. and performs a secure write of random numbers into the other fields of the 
Usage Rule#x, including STI_KEY, thereby deleting Usage Rule#x from the SD memory card 100. In addition, the 
library control unit 37 makes the TKI#x in the SD_AUDIO.TKM file invalid, and deletes all information relating to TKI#x 
from the default Playlist in the SD_AUDIO.PLM file. Then, the library control unit 37 subtracts 1 from a POB file refer- 
ence counter included in the file POBOOO.POM referenced by TKI#x. If the reference counter is 0 when data is moved, 
the library control unit 37 deletes the POB file. 

[01671 Following this, at step S82, the library control unit 37 reads an AOB#x and an STKI#x forming a track#x from 
the user data area 8 on the SD memory card 1 00. and records the read data in the user data area of the local storage 
32 At step S83, the library control unit 37 performs a secure read of a Title Key Entry for AOB#x from the protected 
area 3 of the SD memory card 1 00, and then performs a secure write of the read Title Key Entry into the protected area 
of the local storage 32. Thus, the data set fomning the track#x is stored into the local storage 32. 
[0168] Following this, at step S78. the library control unit 37 detemiines whether the variable #x is the last number 
in the Usage Rule Manager, and if it is not the last number, at step S79. increments #x. Then processing moves to step 

^'l69] Once this processing has been repeated for all of the Usage Rules in the Usage Rule Manager, the library 
control unit 37 moves all of the tracks on the SD memory card 1O0 for which a move is pemiitted to the local storage 
32. A large number of copyrighted materials are accumulated in the local storage 32 in the customer device when the 
user purchases copyrighted materials from the distribution server 103 or moves copyrighted materials from the SD 
memory card 100. These accumulated copyrighted materials form a home music library. 

[0170] If a track check-out is requested, step S43 is Yes. and processing moves to step 866 in Fig. 40. At step S66. 
the library control unit 37 waits for the user to select a track to be recorded onto a recording medium other than the SD 
memory card 100. Once a track is selected (the selected track is called track #x), at step SI 00, the library control unit 
37 reads a unique Media-ID from the SD memory card 1 00 connected to the customer device, searches for an unused 
Content ID which it then assigns to the content and stores the Media-ID and Content ID for the Title Key Entry as a pair 
as check-out history infomiation. Then, at step S49. the library control unit 37 performs a secure read of the Usage 
Rule#x corresponding to the track#x. At step S50, the library control unit 37 determines whether the number of times 
check-out is permitted (the number of check-outs) shown in the Check-Out Information of the Usage Rule#x is 0. If the 
number is 0, the library control unit 37 skips the processing of steps S51 to S57. and moves to the steps S42 to S45. If 
the number is not 0, however, at step S51 , the library control unit 37 records the data set fomiing the track #x (apart 
from the Usage Rule) onto another recorxiing medium. When check-out is performed, data from the directory and file 
; structure shown in Fig. 12 compliant with the SD-Audio Verl.O is recorded on a portable recording medium, in other 
words the files 'AOB—.SAI ' , 'POB—.SPi:, ■SD.AUDIO.TKM', 'SD.AUDIO.PLM', "POBOOO.POM', 'AOBSAI .KEY", and 
•POBSP1 .KEY'. A track is recorded by this process, allowing track editing, such as combining and dividing, and fonward 
and backward searches to be perfomned. 

[0171] Next, the library control unit 37 decrements the number of check-outs, and at step S53, determines whether 
> the number of check-outs is 0. or 1 or more. If the number of check-outs is 0. the library control unit 37, at step S54 sets 
the track as 'check-out not permitted' and then moves to step S55. If the number of check-outs is 1 or more, the library 
control unit 37, at step S55, performs a secure write of the decremented number of check-outs to a Usage Rule in the 
local storage 32. Then, at step 856, the library control unit 37 verifies the number of check-outs in the Usage Rule, and 
at step 857 determines whether the number of check-outs has been properly written in the Usage Rule. If the number 
5 of check-outs has been properly written, processing moves to the loop processing of steps S42 to S45. 

[0172] if the user requests check-in, step S44 is Yes, and at step SI 01 , the library control unit 37 reads a Media-ID 
unique to the SD memory card 100, and a Content ID unique to a track from the SD memory card 100, tracks already 
having been recorded on the SD memory card 1 00. At step SI 02;,the library control unit 37 compares the paired Media- 
ID and Content ID, and the Media-ID and Content ID in the Check-Out history information, and at step SI 03 determines 
0 whether the tracks recorded on the SD memory card 1 00 are identical to tracks that have already been checked out. If 
a track is identical, in other words the same as a track that has been checked out. processing moves to step S58. but if 
the track is not identical, in other words not the same as a track that has been checked out, the library control unit 37 
moves to steps S42 to S45 without perfomning check-in processing. 

[0173] As step S58, the library control unit 37 perfomns a secure read of a Usage Rule from the protected area of 
s the local storage 32, and, at step S59, detenmines whether the number of check-outs in the Usage Rule is 0. If the 
number of check-outs is 0, at step S60, the library control unit 37 reads the data set forming the track, apart from the 
Usage Rule, to a recording medium to perform check-in, and, once the data set has been accumulated in the local stor- 
age 32, moves to step S92. If the number of check-outs is 1 or more, processing moves to step S92. At step S92, the 
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has reached a maximum number Max If X^^umh^; o^o\^^Zff^u ^ ""'"'^^^ °* check-outs 

to S45, but if the number of check-o^ s not mT' ^ '3^°^^^^^^^ ^^e loop of steps S42 

and, at step S64 verifies the numbeT of rhlr^ ^.'^ Jf^ ' ^^^^"""^ ^ ^^'^"^^ write of the number of check-outs 
secure wr.e of the Zber o^hS ou^' ^'^^f 37 detem^ines whether the 
to S45. performed, and if so moves to the processing loop of steps S42 

tSa, °^ t^^ ^^^^^^^^ ^ ^-o^k 

righted material f rom a KIO^K termrnaTcan p^^^^^^ TTl "'^'^^ ^° P"^^''^^ ^ «>Py- 

personal computer. ohec^^-ouX and check-in of the copyrighted material using their own 

Second Embodiment 

data area 8 has a subdirectory SD aS>RV R « ^^^^^^^ 

ExtendedraeKeyimH^slssho™ X i Co I LIT*,'' ™\'*°'' "^^ structure of these 

is set it 0. this inSes thJ l dement ofTh'^^^^^^^^ the Trigger Brt in the Usage Rules. When this flag 

to the pair of Preview Counter Sprev 1 Th'l^^^^^^^^ ^^'^"^'"^'^ ''^ ^«^«^""9 

. etbfdjL^^^^^^ 

SmatIS:,rLTenXTb^^^^^^^^^^^^^^ 

DRM Of the Default Offer sSownIn plg °i °' ^^^^^ °" P'^V^^^^k Time in the 

. KilLesTp:™ 

field, but the Extendi rl CEmS haxi bel^^^^^^^^^ ^'L" '^^--^--tring pattern property from this 

Character stnng pattern f.m ^..^^TZ^ZT^rTr^::^^^^^^ '^'^ 

Ky. He^,Vurpr::Srt;'n^^^^^^^^^^^ ^ -Vte Media-,0 and asec- 

• still encrypted, changing them to Xen vL ueT"h^c^e^h^^^^ 7"'" "''"^'^'^ "^"^ ^^^V 

8-blt block including the Preview Counferandt^^vi^ T^^^^^^ 

decryption of a following block is performed usi^SI lertton L^^^^^^ ^''^^ "^^d- 

the block including.the cha^cterLng p^l" d^^^" a^^^^^ Z""" '^'"^'""^ 

this way, a proper character string partem can on^! h^l^f ^ I u f'^'^' ^""9 P^tte-"" described above. In 
Threshold are in a normal state. ;^L prewCol^^^^ 'T"" ^-"^^ P-'- 

AOB file will be received, and the character strinn rSn^m fn »k J ,^ ^^"^ tampered with, a tampered 
the Characteristics of the character strintU can be used't ^ f k """^^'^^^'^ 
Threshold have been tampered wrth *° '"^^'^'^ ""^^^^^^ P'^^'^'^' Counter and Preview 

acopyrighted material is prev^ld Sg a E^xte^^^^^^^ un.t64 inthe SD-Audio players 122 to 124 when 

[0183] At step S81 . the control un,t 64 detem,ines whether the SD memory card 100 Is conne^rto the card con- 
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necter 34 and, if the answer is Yes, at step S82, displays a list of the tracks in the SD_ADPRV directory of the SD mem- 
ory card 1 00 At step S83, the control unit 64 waits for the userto select a track to be previewed. Here, the track selected 
by the user is a track #x. and at step S84, the control unit 64 performs a secure read of an Extended Title Key Entry#x 
for the track #x from the protected area 3. Following this, the control unit 64, at step S85, checks Trigger Bit#x, and if 
Trigger Bit#x is 1 , ends processing without performing steps S86 to S96. If the Trigger Bit#x is 0, at step S86, the control 
unit 64 obtains a character string pattern by performing C_CBC mode decryption on the Extended Title Key Entry#x. At 
step S87 the control unit 64 determines whether the character string pattern is normal. If it is abnormal, processing 
ends but if it is normal, at step S88, the control unit 64 determines whether the Preview Counter is 0. If the Preview 
Cour^ter is 0 processing ends, but if it is not, the control unit 64, at step S89, sets the Title Key of the Extended Title 
Key Entry#x in the descrambler 61 of the SD memory card 100. Following this, the control unit 64, at step S90, plays 
back track#x At step S92, the control unit 64 waits until the playback time has reached the time shown by the Preview 
Threshold#x, and once the time has been reached, at step S92, decrements the Preview Counter. Next, at step S93, 
the control unit 64 determines whether the Preview Counter is 1 or more, or 0. If it is 1 or more, the control unit 64, at 
step S94 perfonns a secure write of the Preview Counter, and then, at step S95, verifies the Preview Counter. If the 
Preview Counter is 0, however, at step S96, the control unit 64 deletes the Extended Title Key Entry, and at step S97. 
sets the Availability Flag at 0. 

[0184] In the second embodiment, the Preview Counter and Preview Threshold are recorded in the protected area 
3, making it difficult to tamper with them. This allows users to preview copyrighted materials, while ensunng that those 
same copyrighted materials remain properly protected. 

[0185] These embodiments describe the maximum effects that can be expected under current conditions, but the 
invention need not be limited to the structure described herein. The following alternatives are also possible. 

(a) The SD memory card in the first and second embodiments has a user data area 8 and a protected area 3, but 
the invention need not be limited to this, and the entire memory area of the SD memory card 1 00 may be a pro- 
tected area The SD memory card 1 00 is used as a recording medium, but the recording mediunn need not be lim- 
ited to semiconductor memory such as this, and an optical disc. HD or the like may be used provided that it has a 
protected area. 

(b) In the first and second embodiments, a single copyrighted material corresponds to a package and a collection 
of copyrighted materials such as an album corresponds to a title, but a collection of copyrighted materials may be 
transmitted as a single package. 

(c) The following may be used as requirements when previewing tracks: date (preview can be performed until a cer- 
tain date) number of preview days (preview can be performed for a certain time or a certain number of days), pre- 
view range (preview can be performed on a specified section of the track), or any combination of the above. 

(d) The data described as being recorded and played back in the first and second embodiments is limited to music 
and still picture data, but such limitations need not apply. The data may be any kind of reproduceable digital data, 
such as moving picture data, text data or any combination of the two. 

(e) The digital terminal in the first embodiment refers to the Move Control Information in the DRM and sets the Move 
Control Infomiation in the Usage Rule based on the DRM, but the digital terminal may refer to other mfonnation, 
and set the Move Control Information in the Usage Rule according to other criteria. For example, the Move Control 
Information may be set by considering information such as the hit chart ranking of copyrighted materials, whether 

5 the copyrighted material is a new release, and the sales figures for the copyrighted material. 

(f) The encrypted data, plain text data, encryption key, and Usage Rule wrtten in local storage may be read, and 
determination of whether the number of permitted moves in the Usage Rule is 0, or 1 or more perfomned, and if the 
number of permitted moves is 1 or more, the data may be stored on the SD memory card 1 00. 

(g) In the first embodiment, the setting of the permitted number of moves on the SD memory card 1 00 is assumed 
to be either 1 or 0, but other settings are also possible. If the permitted number of moves in the Move Control Infor- 
mation is set at 6 by the distribution server 103, the pennitted number of moves shown in the Move Control Infor- 
mation is changed and the Usage Rule is moved between each of the recording media, as shown in Fig. 45. 

[0186] Although the present invention has been fully described by way of examples with reference to accompanying 
drawings it is to be noted that various changes and modifications will be apparent to those skilled in the art. Therefore, 
unless such changes and modifications depart from the scope of the present invention, they should be construed as 
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being included therein. 
Claims 



the first receiving apparatus comprising: 

the second receiving apparatus comprising: 

»,e=opy™co^,don»*e recording .e^rb^C;,^^^^^^^^^^ 
J. The distribution system of Claim 1 . wherein: 

the control information indicates a number of remaining check-outs; 

medium When acopjof the held^^^^^^^^ 'V'" "^"^'"^ ""'^ ^"^^ 

numberofremainin^cher-o'uts^rL™ 

the data set moving unit Is at least one; and '"f°""ation held by one of the second receiving unit and 

the second receiving apparatus further comprises: 

The distribution system of Claim 2, wherein: 

the recording medium has an assigned unique identifier; 
the check-out unit Includes: 

an allooa>»„ „„, „pe.«e ,o a„<>oa,a a ™i,„. ,*„«.r ,. he« content .he „„,<,„e ide«,er being 
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recorded onto the recording medium with the content when check-out is performed; and 

a storage unit operable to read the unique identifier for the recording medium connected to the connecting unit 
from the recording medium, and store the read recording medium identifier as a pair with the allocated content 
identifier, and 

the check-in unit includes: 

a read unit operable to read, when a copy of the content has already been recorded on a recording medium 
connected to the connecting unit, the unique identifiers for the connected recording medium and the content; 

a comparing unit operable to compare the pair of identifiers read by the read unit with the pair of identifiers 
stored by the storage unit to determine whether the copy recorded on the connected recording medium was 
previously produced by the second recording apparatus; 

a holding unit operable to read, when the copy was previously produced by the second recording apparatus, 
the copy from the connected recording medium, hold the read copy, and then delete the copy from the record- 
ing medium. 

The distribution system of Claim 3. wherein, when the authorization information recorded on the distribution 
medium shows that moving the data set is not permitted, the reading unit is not operable to read the content and 
the usage rule information, and 

the playback apparatus plays back the corresponding content directly from the distribution medium, when the 
authorization infonnation indicates that moving the data set is not permitted. 

A semiconductor memory card used as a distribution medium in a distribution system, the distribution system 
including a distribution server for distributing a content via a network, a first receiving apparatus for receiving the 
content via the network and recording the content onto a distribution medium, a second receiving apparatus for 
receiving the content via the distribution medium and recording a copy of the content onto a recording medium, and 
a playback apparatus for receiving the copy of the content via the recording medium and playing back the received 
content, the semiconductor memory card comprising: 

a volume area, in which a content and usage rule information are recorded, the usage rule infonnation includ- 
ing control information controlling copying of the recorded content onto the recording medium, and authoriza- 
tion infonnation showing whether moving the control infonnation and the content to the second receiving 
apparatus is pennitted. 

The semiconductor memory card of Claim 5, wherein the content Includes encrypted audio data and a correspond- 
ing encryption key used to encrypt the encrypted audio data, and the volume area includes: 

a user data area that stores the encrypted audio data and can be accessed by a device connected to the sem- 
iconductor memory card regardless of whether the authenticity of the device has been recognized, and 

a protected area that stores the usage rule Infonnation and the encryption key and can only be accessed by a 
device connected to the semiconductor memory card when the authenticity of the device has been recognized. 

The semiconductor card of Claim 6, wherein the authorization information shows that moving the control informa- 
tion and content is permitted by indicating a number of permitted moves. 

A first receiving apparatus in a distribution system, the distribution system including a distribution server for distrib- 
uting a content via a network, a first receiving apparatus for receiving the content via the network and recording the 
content onto a distribution medium, a second receiving apparatus for receiving the content via the distribution 
medium and recording a copy of the content onto a recording medium, and a playback apparatus for receiving the 
copy of the content via the recording medium and playing back the received content, and the first receiving appa- 
ratus comprising: 

a first receiving unit operable to receive via the network a data set including the content and control information 
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controlling copying of the content onto the recording medium, and hold the received data set; and 

In'^^T'"^ ""^'^'"^ *° ^^"^'^^^ authorization information showing whether moving the data set to 
^.nnl'i^r"'"'^ ^TT^ ^"'^ '^'^^"^ '^^"^^"^ ^ distribution medium together wrth cor- 

incTdedTn^hrd^Jr "'^^^ authorization information, and (2) the conL infom^rn 

^' '^^'"'"'^ ^ distribution server via the network, as well as receiving contents 

via a distnbution medium, and recording copies of a received content onto a recording medium. 

the distribution medium storing contents and corresponding usage rule Infomiation and 

Zlo^nn '"f°^"'f °" '"^'"ding control information controlling copying of a recorded Content onto the 

t^ntTn? "^f T- ^"'^ authorization Infomiation showing whether moving a data set including a paired con 

tent and control information to the receiving apparatus is permitted, and 

the receiving apparatus comprising: 

^e^eSd datattT''^'''' '° """^^ '""'"^ ^"^ 

thfJl'tr^ot th""H ?-HT'' '° infomiation from the distribution medium, and (a) move 

the data set from the d.stnbution medium to the inside of the second receiving apparatus and (b) hold the data 
set^on y when the read authorization infomiation shows that moving the dalJ set is pem^'tted and 
In^Tl" '° ^'""^ ^"'"'-^"^ ^^'^ °^ tf^^ second receiving unit 

Tr^f nnT .T'"^ ^'^^-^^^ ^^"'^ °" information in the held data set by gen- 

erating a copy of the content Included in the held data set and recording the copy onto the recording medfur^ 
the copy recorded onto the recording medium being supplied to the playback apparatus. 

10. A recording medium recording a computer-readable program for having a computer perform processino as a first 
c^nterltLTn^? system including a distribution se^TrTorltrLinTa 

riLordiJrfcrvTth ' r T°"' """""^ "^^'"'"9 ^'^ distribution mediSm and 

content v,a the recording medium and playing back the received content, and the program comprising: 

t^roiS^a coitn 5^^^ °' '■'f'!'"^ ^ ''^^^ '"^'"''"9 '^^^^^^^ ^"'^ ^^"t™' information con- 

trolling copying of the content onto the recording medium, and holding the received data set; and 

1^!^^'"^ °^ generating authorization information showing whether moving the data set to another 
snond no T^^'"! " f''"'*""'' ''""""''"^ '""^ ^ together with col 

11. A recording medium recording a computer-readable program for having a computer perfonn processina as a 

raTs^ribTon mL^T^'T' '^^r"^ """^ ^ ^^"^^ ^ - -Sg ont^nts 

via a distribution medium, and recording copies of a received content onto a recording medium. 

the distribution medium storing contents and corresponding usage rule information. 

tLt?n^ '"l! infomiation including control infomiation controlling copying of a recorded content onto the 
3nt In^' f T; infomiation showing whether moving a data set including a paired cln 

tent and control information to the receiving apparatus is permitted, and 

the receiving apparatus comprising: 

daJset"^ °^ '^''^''^"^ "^^^ ^""^ ^^"'^^ the network, and holding the received 

Ltattlrr nSf '■'^''''"i information from the distribution medium, and (a) moving the 

set ont whl ,H S '° °' ^^'^^"^ ^'^^'^■■"S ^P^^^^- and (b) holding the data 

set, only when the read authorization infonmation shows that moving the data set is permitted- and 
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a check-out-step of performing check-out when the data set is held by one of the second receiving unit and the 
data set moving unit, check-out performed based on the control information in the held data set by generating 
a copy of the content included in the held data set and recording the copy onto the recording medium, the copy 
recorded onto the recording medium being supplied to the playback apparatus. 

12. A receiving method applied by a first receiving apparatus in a distribution system, the distribution system including 
a distribution sen/erfor distributing a content via a network, a first receiving apparatus for receiving the content via 
the network and recording the content onto a distribution medium, a second receiving apparatus for receiving the 
content via the distribution medium and recording a copy of the content onto a recording medium, and a playback 
10 apparatus for receiving the copy of the content via the recording medium and playing back the received content, 
and the receiving method comprising: 

a first receiving step of receiving via the network a data set including the content and control information con- 
trolling copying of the content onto the recording medium, and holding the received data set; and 
15 a recording step of generating authorization information showing whether moving the data set to another 

receiving apparatus is permitted, and recording the content onto a distribution medium together with corre- 
sponding usage rule information including (1) the authorization infomnation, and (2) the control information 
included in the data set. 

20 13. A receiving method for recording a computer-readable program for receiving contents from a distribution server via 
the network, as well as receiving contents via a distribution medium, and recording copies of a received content 
onto a recording medium, 

the distribution medium storing contents and corresponding usage rule infonnation, 
25 the usage rule infonnation including control information controlling copying of a recorded content onto the 

recording medium, and authorization information showing whether moving a data set including a paired con- 
tent and control information to the receiving apparatus is permitted, and 
the receiving method comprising: 

a receiving step of receiving the data set from the distribution server via the network, and holding the received 
30 data set; . 

a data set moving step of reading authorization information from the distribution medium, and (a) moving the 
data set from the distribution medium to the inside of the second receiving apparatus, and (b) holding the data 
set, only when the read authorization information shows that moving the data set is pemiitted; and 
a check-out step of performing check-out when the data set is held by one of the second receiving unit and the 
35 data set moving unit, check-out perfomned based on the control infonnation in the held data set by generating 

a copy of the content included in the held data set and recording the copy onto the recording medium, the copy 
recorded onto the recording medium being supplied to the playback apparatus. 
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FIG. 2A 

RECORDING MEDIUM 



>^m ENCRYPTION KEY SO DEVICE HAVING THIS 
RECORDING MEDIUM CANNOT PLAY BACK 
COPYRIGHTED MATERIAL 



FIG. 2B 
RECORDING MEDIUM 



5*^HAS AN ENCRYPTION KEY, SO DEVICE HAVING Tffl^ 
RECORDING MEDIUM CAN PLAY BACK COPYRIGHTED 

r^USAGE RULE.SO COPYRIGHTED MATERIA CANNOT 
BE RECORDED TO ANOTHER RECORDING MEDIUM 



^ FIG.2C 
RECORDING MEDIUM 



^HAS AN ENCRYPTION KEY. SO DEVICE HAWNG TO^^ 
RECORDING MEDIUM CAN PLAY BACK COPYRIGHTED 

^AsTuSAGE RULE.SO COPYRIGHTED MATERIAL 
CAN BE RECORDED ON ANOTHER RECORDING MEDIUM 
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FIG. 12 
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FIG. 13 
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FIG. 15 
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FIG. 23A 
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FIG. 25 
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